US20210049286A1 - Data Input Method And Apparatus And User Equipment - Google Patents

Data Input Method And Apparatus And User Equipment Download PDF

Info

Publication number
US20210049286A1
US20210049286A1 US17/085,539 US202017085539A US2021049286A1 US 20210049286 A1 US20210049286 A1 US 20210049286A1 US 202017085539 A US202017085539 A US 202017085539A US 2021049286 A1 US2021049286 A1 US 2021049286A1
Authority
US
United States
Prior art keywords
operating environment
event
secure
display area
preset display
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US17/085,539
Other versions
US11574064B2 (en
Inventor
Peng Zhang
Ji Wang
Hui Li
Hongliang Xie
Xiaopu WANG
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to US17/085,539 priority Critical patent/US11574064B2/en
Publication of US20210049286A1 publication Critical patent/US20210049286A1/en
Assigned to HUAWEI TECHNOLOGIES CO., LTD. reassignment HUAWEI TECHNOLOGIES CO., LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: LI, HUI, WANG, JI, WANG, Xiaopu, XIE, HONGLIANG, ZHANG, PENG
Application granted granted Critical
Publication of US11574064B2 publication Critical patent/US11574064B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/83Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2105Dual mode as a secondary aspect

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a data input method and apparatus, and user equipment.
  • user equipment user equipment, UE
  • UE user equipment
  • the user equipment continuously develops, and system functions of the user equipment also increase continuously. With an increase in the system functions, security vulnerability inevitably occurs in a system of the user equipment.
  • An attacker may intrude the system of the user equipment by using the security vulnerability, to obtain data stored in the user equipment, and security of a user input operation and terminal displaying cannot be ensured.
  • a user implements payment by using user equipment. When the user is entering data at an interface provided by the user equipment, an attacker may intercept an input event of the user and content displayed on the user equipment to obtain the data entered by the user. The attacker may then analyze stored historical data corresponding to an application used for the payment to obtain an account of the user.
  • Trust Zone TrustZone
  • hardware composition of the user equipment is divided into a Secure World (secure world) and a Normal World (normal world), and data in the Secure World can be transmitted only by using a monitor (monitor).
  • An operating system of the user equipment runs in the Normal World.
  • a program that runs in the Secure World has a higher security level than a program that runs in the Normal World.
  • the Secure World is isolated from the Normal World by using hardware. The Secure World has a right to access all data in the Normal World, but the Normal World has no right to access data in the Secure World.
  • the Secure World When the user equipment is started, the Secure World is first entered, and then a program in the Secure World is responsible for switching to the Normal World, and starting the operating system of the user equipment.
  • Concepts of the Secure World and the Normal World are put forward in the TrustZone technology, to resolve a problem of data input security in the user equipment.
  • a data input environment that runs in the Secure World is provided, and the user may operate an event such as entering an account or a password in the provided data input environment.
  • the displayed content usually covers the entire display area of the user equipment.
  • the present invention provides a data input method and apparatus, and user equipment, so that security of an event generated when a user operates a program that runs in a Normal World of the user equipment can be better improved, and an event that runs in the Normal World can be directly operated.
  • a data input method includes: when it is determined that an operation of a user on UE is not performed in a preset display area, delivering an event corresponding to the operation to a first operating environment for processing, where the preset display area runs in a second operating environment of the UE, and the second operating environment has a higher security level than the first operating environment.
  • the method further includes: receiving an operation of the user in an input area presented by a display unit for the user, and generating an event corresponding to the operation; determining whether the event generated when the user performs the operation in the input area is a secure input event; and if it is determined that the event generated when the user performs the operation in the input area is a secure input event, starting the preset display area, and presenting the preset display area to the user by using the display unit.
  • the starting the preset display area includes: backing up a current event in the first operating environment; triggering an interrupt in the second operating environment; and starting the preset display area by using the interrupt in the second operating environment.
  • Determining is performed on a corresponding event generated when the user performs an operation in an input area that runs in the first operating environment, and whether the event is a secure input event is determined.
  • the event is a secure input event
  • switching from the first operating environment to the second operating environment is performed, that is, the preset display area is presented to the user, so that a secure input time generated when the user performs an operation on the user equipment may be switched to the second operating environment for processing. In this case, security of the event generated when the user performs the operation on the user equipment can be better ensured.
  • the preset display area and the input area are simultaneously presented on a screen of the user equipment.
  • the delivering an event corresponding to the operation to a first operating environment for processing includes: storing the event corresponding to the operation in a shared storage area, where the shared storage area is a storage area that is shared by the first operating environment and the second operating environment; and triggering an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing.
  • the triggering an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing includes: triggering the interrupt in the first operating environment, and invoking a daemon thread in the first secure environment, so as to deliver, by using the daemon thread, the event stored in the shared storage area to the first operating environment for processing.
  • the method before it is determined that the operation of the user on the user equipment UE is not performed in the preset display area, the method further includes: when it is determined that the event corresponding to the operation is a secure input event, displaying the preset display area, so that the user performs the operation in the preset display area, where the secure input event is a data input event with an authority verification attribute.
  • the method further includes: hiding the preset display area. This can improve flexibility of a user operation.
  • the preset display area includes a formatted input edit box.
  • the formatted input edit box includes at least one of the following: a specified input type may be an input type such as nine-key numeric type, a nine-key Chinese character type, a nine-key alphabetic type, a number and Chinese character hybrid type. This can improve convenience of a user operation.
  • a data input apparatus has a function of implementing an action of a terminal in any method design according to the first aspect and the first to the eighth possible implementations of the first aspect.
  • the function may be implemented by hardware, or may be implemented by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the function.
  • a user terminal has a function of implementing an action of a terminal in any method design according to the first aspect and the first to the eighth possible implementations of the first aspect.
  • the function may be implemented by hardware, or may be implemented by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the function.
  • a structure of the terminal includes a memory and a processor.
  • the memory is configured to store a group of programs
  • the processor is configured to invoke the programs stored in the memory, to execute the method in any one of the first aspect, or the first to the eighth possible implementations of the first aspect.
  • a computer storage medium is provided, and is configured to store a computer software instruction used by a data input apparatus, and the computer software instruction includes a program designed to execute the foregoing aspects.
  • the event corresponding to the operation is delivered to the first operating environment for processing.
  • the user operates a program that runs in a Normal World of the user equipment, even if the user needs to process another non-secure event, security of an event generated when the user operates the program that runs in the Normal World of the user equipment can be ensured, and an event that runs in the Normal World can be directly operated.
  • FIG. 1A and FIG. 1B are a schematic diagram of a logical structure of a computing node to which a data input method is applied according to an embodiment of the present invention
  • FIG. 2 is a schematic diagram of structural composition of user equipment according to an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of structural composition of user equipment according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of hardware composition of a Secure World of a data input system according to an embodiment of the present invention
  • FIG. 5 is a flowchart of a data input method according to an embodiment of the present invention.
  • FIG. 6 is a schematic diagram of an input edit box according to an embodiment of the present invention.
  • FIG. 7 is a schematic diagram of a preset display area and an input area according to an embodiment of the present invention.
  • FIG. 8 is a schematic diagram of a specified input type according to an embodiment of the present invention.
  • FIG. 9 is a flowchart of a data input method according to an embodiment of the present invention.
  • FIG. 10 is a schematic diagram of structural composition of a data input apparatus according to an embodiment of the present invention.
  • FIG. 1A and FIG. 1B are used as an example to describe a logical structure of a computing node to which a data input method provided in this embodiment of the present invention is applied.
  • the computing node may be user equipment, and the user equipment may be specifically a desktop computer, a notebook computer, a smartphone, a tablet, or the like.
  • a hardware layer of the user equipment includes a central processing unit (Center Processing Unit, CPU), a graphics processing unit (Graphic Processing Unit, GPU), and the like.
  • the hardware layer of the user equipment may further include a memory, an input/output device (Input Device), a network interface, and the like.
  • the input device may include a keyboard, a mouse, a touchscreen, and the like.
  • the output device may include a display device such as a liquid crystal display (Liquid Crystal Display, LCD), a cathode-ray tube (Cathode Ray Tube, CRT), holographic imaging (Holographic), or a projector (Projector).
  • An operating system such as Android
  • a kernel library layer is a core part of the operating system, and includes an input/output service, a kernel service, a graphics device interface, a graphics engine (Graphics Engine) that implements graphics processing of the CPU and the GPU, and the like.
  • the graphics engine may include a 2 D engine, a 3 D engine, a combining unit (Composition), a frame buffer (Frame Buffer), and the like.
  • the kernel library layer further includes an input method service.
  • the input method service includes an input method service embedded in a terminal.
  • the input method service further includes the data input method provided in this embodiment of the present invention.
  • the terminal further includes a driver layer, a framework layer, and an application layer.
  • the driver layer may include a CPU driver (driver), a GPU driver, a display controller driver, a TrustZone driver (Trust Zone Driver), and the like.
  • the framework layer may include a graphic service (Graphic Service), a system service (System service), a web service (Web Service), a user service (Customer Service), and the like.
  • the graphic service may include a widget (Widget), a canvas (Canvas), a view (Views), a render script, and the like.
  • the application layer may include a desktop (launcher), a media player (Media Player), a browser (Browser), and the like.
  • a secure operating environment when hardware and program instructions of user equipment run, there may be two operating environments: a secure operating environment and a non-secure operating environment.
  • the non-secure operating environment may also be referred to as a Normal World, and is corresponding to a first operating environment put forward in this embodiment of the present invention.
  • the secure operating environment may also be referred to as a Secure World, and is corresponding to a second operating environment put forward in this embodiment of the present invention.
  • a program and hardware of the user equipment that run in the secure operating environment have a higher security level than a program and hardware of the user equipment that run in the non-secure operating environment.
  • the Secure World may also be a virtual operating environment isolated from the operating system of the user equipment.
  • the user equipment 200 includes: at least one processor 201 , at least one network interface 204 or another user interface 203 , a memory 205 , and at least one communications bus 202 .
  • the communications bus 202 is configured to implement connection and communication between these components.
  • the user equipment 200 includes the user interface 203 that includes a display (for example, the LCD, the CRT, the holographic imaging (Holographic), or the projector (Projector) shown in FIG. 1A and FIG. 1B ), a keyboard or a click device (for example, a mouse, a trackball (trackball), a touchpad, or a touchscreen), and the like.
  • the memory 205 may include a read-only memory and a random access memory, and provide the processor 201 with a program instruction and data that are stored in the memory 205 .
  • a part of the memory 205 may further include a nonvolatile random access memory (NVRAM).
  • NVRAM nonvolatile random access memory
  • the memory 205 stores the following elements: an executable module or a data structure, or a subset thereof, or an extended set thereof.
  • An operating system 2051 includes various system program instructions.
  • the program instructions may run on the framework layer, the kernel library layer, the driver layer, and the like shown in FIG. 1A and FIG. 1B , and are used to implement various basic services and process hardware-based tasks.
  • the operating system may run in both a first operating environment and a second operating environment whose security level is higher than the first operating environment.
  • An application program 2052 includes various application programs, for example, the desktop (launcher), the media player (Media Player), the browser (Browser), and an input method application that are shown in FIG. 1A and FIG. 1B , and the various application programs are used to implement various application services.
  • the various application programs in the application program 2052 may be applied to the first operating environment, or may run in the second operating environment.
  • the application program 2052 stores a program instruction that implements the data input method, and the program instruction runs in the second operating environment.
  • the memory 205 may also be referred to as a storage area, and is configured to store a program of the data input method, and store the operating system.
  • the processor 201 invokes the program instruction stored in the memory 205 , and according to the obtained program instruction, the processor 201 is configured to: when it is determined that an operation of a user on the UE is not performed in a preset display area, deliver an event corresponding to the operation to the first operating environment for processing.
  • the processor 201 is further configured to: when it is determined that the event corresponding to the operation is a secure input event, display the preset display area, so that the user performs the operation in the preset display area.
  • the secure input event is a data input event with an authority verification attribute.
  • the processor 201 is specifically configured to store the event corresponding to the operation in a shared storage area.
  • the shared storage area is a storage area that is shared by the first operating environment and the second operating environment.
  • the user equipment further includes an interrupt in the first operating environment (which is not shown in FIG. 2 ).
  • the processor 201 triggers the interrupt in the first operating environment, and the interrupt in the first operating environment delivers the event stored in the shared storage area to the first operating environment for processing. Further, the processor 201 is specifically configured to: trigger the interrupt in the first operating environment, and invoke a daemon thread in the first secure environment, so as to deliver, by using the daemon thread, the event stored in the shared storage area to the first operating environment for processing.
  • the processor 201 is specifically configured to hide the preset display area.
  • FIG. 3 is a schematic diagram of structural composition of user equipment 300 .
  • the user equipment 300 mainly includes a memory 320 , a processor 360 , and an input unit 330 .
  • the input unit 330 is configured to receive an event generated when a user performs an operation on a terminal.
  • the memory 320 is configured to store program instructions of an operating system and various application programs.
  • a first operating environment and a second operating environment are put forward.
  • the memory 320 may be divided into a secure memory (which may also be referred to as a secure storage area), a non-secure memory (which may also be referred to as a non-secure storage area), and a shared memory (which may also be referred to as a shared storage area).
  • the non-secure memory is disposed in the first operating environment
  • the secure memory is disposed in the second operating environment.
  • the second operating environment has a higher security level than the first operating environment.
  • a processor or an interrupt disposed in the first operating environment cannot directly access the secure memory in the second operating environment.
  • a processor or an interrupt in the second operating environment may access the non-secure processor disposed in the first operating environment, and access the non-secure storage area.
  • data stored in the shared memory is data that may be accessed by processors or interrupts in both the first operating environment and the second operating environment. That is, the processors or the interrupts in the first operating environment and the second operating environment may access the shared memory to obtain the data in the shared memory.
  • processor 360 It may be understood that for a specific implementation function of the processor 360 , reference may be made to the detailed descriptions of the processor 201 , and details are not described herein again.
  • the memory 320 may be a memory of the user equipment 300 .
  • the memory may be divided into three storage spaces.
  • the three storage spaces are separately corresponding to a secure memory disposed in the first operating environment, a non-secure memory disposed in the second environment, and a shared memory that may be accessed by application programs or hardware in both the first operating environment and the second operating environment.
  • the secure memory, the non-secure memory, and the shared memory may have spaces of a same size, or may have spaces of different sizes according to different stored data input events.
  • the input unit 330 of the user equipment may be configured to receive number or character information that is entered by the user, so as to generate a signal input related to user settings or function control of the user equipment 300 .
  • the input unit 330 may include a touch panel 331 .
  • the touch panel 331 may collect an operation (such as an operation performed by the user on the touch panel 331 by using any proper object or accessory, such as a finger or a stylus) performed by the user on the touch panel 331 , and drive, according to a preset program instruction, a corresponding apparatus connected to the touch panel 331 .
  • the touch panel 331 may include two parts: a touch detection apparatus and a touch controller.
  • the touch detection apparatus detects a touch location of the user, detects a signal brought by the touch operation, and sends the signal to the touch controller.
  • the touch controller receives touch information received from the touch detection apparatus, converts the touch information into touch coordinates, and sends the touch coordinates to the processor 360 .
  • the touch controller can further receive and execute a command sent by the processor 360 .
  • the touch panel 331 may be implemented by using multiple types such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave.
  • the input unit 330 may further include another input device 332 .
  • the another input device 332 may include but is not limited to one or more of a physical keyboard, a functional key (such as a volume control key or an on/off key), a trackball, a mouse, a joystick, or the like.
  • the user equipment 300 may further include a display unit 340 .
  • the display unit 340 may be configured to display information entered by the user or information provided for the user and various menu interfaces of the user equipment 300 .
  • the display unit 340 may include a display panel 341 .
  • the display panel 341 may be configured in a form such as a liquid crystal display (Liquid Crystal Display, LCD) or an organic light-emitting diode (Organic Light-Emitting Diode, OLED).
  • the touch panel 331 covers the display panel 341 , to form a touch display screen.
  • the touch display screen provides a preset display area for the user. After detecting a touch operation on or near the touch display screen, the touch display screen 7 transmits the touch operation to the processor 360 to determine a type of a touch event. Then the processor 360 provides a corresponding visual output on the touch display screen according to the type of the touch event.
  • the touch display screen includes different display areas.
  • Each display area may include at least one interface element such as an icon of an application program and/or a widget home screen widget.
  • the processor 360 is a control center of the user equipment 300 , is connected to each part of an entire mobile phone by using various interfaces and lines, and performs various functions of the user equipment 300 and data processing by running or executing the software program and/or the module that are/is stored in the memory 320 , so as to perform overall monitoring on the user equipment 300 .
  • the processor 360 first enters the second operating environment, and performs initialization setting of the operating system in the second operating environment, so as to ensure security of the operating system.
  • the initialization setting includes initialization of a monitor mode.
  • all memories the secure memory, the non-secure memory, and the shared memory
  • an operating system image that needs to run in the first operating environment is loaded into the non-secure memory, and then the system image in the first operating environment runs.
  • the user equipment 300 may further include an RF circuit 310 , a WiFi module 380 that is configured to provide a wireless connection, a power supply 390 , and an audio frequency circuit 370 that is configured to provide sound input and output.
  • operating environments of a data input method are divided into a Normal World (a first operating environment) and a Secure World (a second operating environment).
  • a Normal World a first operating environment
  • a Secure World a second operating environment
  • one user equipment has only one set of hardware structures.
  • security attributes of some hardware can be dynamically set, but security attributes of the other hardware are fixed.
  • Security of the entire system is obtained by dividing a hardware resource and a software resource of a system on chip (System on Chip, SoC) into the two worlds.
  • SoC system on Chip
  • the SoC system includes a processor (Core) 401 .
  • each physical processor core provides two virtual cores: a non-secure (Non-secure, NS) core and a secure (Secure) core.
  • a mechanism of switching between the non-secure core and the secure core is referred to as a monitor (monitor) mode.
  • the non-secure core can access only a system resource of the NS, but the secure core can access all resources in the user equipment.
  • the SoC further includes direct memory access (Direct Memory Access, DMA) 402 , a secure random access memory (Secure Random Access Memory, Secure RAM) 403 , a secure boot read only memory (Secure Boot Read Only Memory, Secure Boot ROM) 404 , a generic interrupt controller (Generic Interrupt Controller, GIC) 405 that is integrated with TrustZone support and that can work in the first operating environment and the second operating environment, a TrustZone interrupt controller (Trust Zone Interrupt Controller, TZIC) 406 that may be independently implemented, and the like.
  • DMA Direct Memory Access
  • SDRAM Secure Random Access Memory
  • Secure Boot Read Only Memory Secure Boot ROM
  • GIC Generic Interrupt Controller
  • TZIC TrustZone interrupt controller
  • the SoC further includes a TrustZone address space controller (Trust Zone Address Space Controller, TZASC) 407 that is configured to support a secure interrupt, a TrustZone protection controller (Trust Zone Protection Controller, TZPC) 408 , a dynamic memory controller (Dynamic Memory Controller, DMC) 409 , a dynamic RAM (Dynamic RAM) 410 , and the like.
  • TZASC TrustZone Address Space Controller
  • TZPC TrustZone protection controller
  • DMC Dynamic Memory Controller
  • DMC Dynamic RAM
  • the TZPC is configured to set a security attribute of a peripheral.
  • the TZPC may set an attribute of the display unit to secure. In this case, an operation in the first operating environment cannot access a device that is set as secure.
  • the TZASC is configured to control classification of a security attribute of the DRAM.
  • the TZASC may set a part of the DRAM as secure, and set the other part of the DRAM as non-secure. If the processor in the first operating environment initiates an access request to the secure memory, the access request is refused. Access of DMA in the first operating environment to the secure memory is refused, and this ensures that the secure memory is not accessed by any operating system or hardware in the first operating environment.
  • the GIC is responsible for controlling all interrupt information, and the GIC may set some interrupts as secure, and set some interrupts as normal.
  • SoC components are connected to each other by using an Advanced Extensible Interface (Advanced eXtensible Interactive, AXI) 411 .
  • the SoC communicates with the peripheral by using an Advanced Extensible Interface to Advanced Peripheral Bus Bridge (Advanced eXtensible Interactive to Advanced Peripheral Bus Bridge, AXI2APB) bridge 412 .
  • the AXI2APB may sense a security attribute of an event that currently accesses the peripheral. When an event in the first operating environment accesses a peripheral whose attribute is set to secure, the AXI2APB refuses this access.
  • a secure RAM and a secure ROM are isolated by using a software and hardware mechanism, and the secure RAM and the secure ROM are configured to store an operating system that runs in the second operating environment.
  • the SoC system is initiated after powered on.
  • the system first enters the second operating environment, and then performs initiation setting in the second operating environment.
  • the initiation setting includes initiation of the operating system in the second operating environment.
  • all memories in the operating system of the user equipment are in the second operating environment.
  • the operating system image that needs to run in the first operating environment is loaded to a memory, and some memories are allocated to the first operating environment. Security attributes of the some memories allocated to the first operating environment are set to non-secure. Then the system image in the first operating environment runs.
  • FIG. 5 a specific implementation process of delivering an event from a first operating environment to a second operating environment for processing is first described.
  • Step 1 A display unit presents an input area to a user, and the user performs an operation in the input area to generate an event corresponding to the operation.
  • the display unit may include a touch panel of a touch nature.
  • the user touches the touch panel, enters a payment account in the input area, and continues to enter a payment password after entering the payment account.
  • a processor receives an event generated when the user operates the touch panel.
  • a non-secure core in the first operating environment may receive the event generated when the user operates the touch panel.
  • Step 2 The processor determines whether the event generated when the user operates performs the operation in the input area is a secure input event. If it is determined that the event is not a secure input event, the user continues to perform the operation in the input area to generate an event corresponding to the operation, and the processor continues to process the event.
  • the secure input event is an event generated only when the user enters a password with an authority verification attribute. For example, in a payment application, after the user enters a user name, the user needs to continue to enter a payment password corresponding to the user name, and after the payment password and the user name are matched, payment is completed. An event corresponding to an operation that the user continues to enter the payment password corresponding to the user name is a secure input event.
  • a security attribute of the input area presented by the display unit may be edited in advance.
  • the input area is set to a non-secure display area that runs in the first operating environment and a secure display area that runs in the second operating environment.
  • an input area in the first operating environment may be an input edit box with a fixed shape and size.
  • the input edit box may be in any shape. As shown in FIG. 6 , a square shape is only used as an example.
  • a security attribute may be added to the input edit box, and the security attribute is set.
  • the secure attribute is set to a numeric attribute. That is, when a received event operated by the user in the input edit box is triggering numeric input, it is determined that the event is a secure input event.
  • the payment password of the numeric type is 12345678
  • the user triggers a number it is determined that a data input event operated by the user is a secure input event.
  • Step 3 The processor triggers a TZ driver when it is determined that a data input event operated by the user is a secure input event.
  • the TZ driver triggers a monitor (monitor) mode used for switching between the first operating environment and the second operating environment, and the processor enters the second operating environment by using a monitor.
  • Step 4 The processor backs up a current event in the first operating environment in the monitor mode.
  • the processor triggers an interrupt in the first operating environment, and stores the currently determined secure input event in a shared storage area. After saving of the secure input event is completed, an interrupt in the second operating environment is triggered in the monitor mode, and a processor in the second operating environment, that is, a secure core, is triggered by using the interrupt in the second operating environment.
  • Step 5 The secure core (that is, the processor in the second operating environment) triggers the interrupt, starts a preset display area, and presents the preset display area to the user by using the display unit. A following operation of the user is performed in the preset display area.
  • the preset display area runs in the second operating environment.
  • the preset display area may be a part of a screen of the user equipment, and the user may perform an input operation in the preset display area.
  • the preset display area may be an input edit box that has a fixed shape and size and has a security attribute.
  • the preset display area is started.
  • the preset display area and the input area may be simultaneously presented on the screen of the user equipment.
  • the preset display area may cover a part of the input area and overlap the part of the input area.
  • the preset display area may include a specified input type. As shown in FIG.
  • the specified input type may be an input type such as a nine-key numeric type, a nine-key Chinese character type (which is not shown in FIG. 8 ), a nine-key alphabetic type, a number and Chinese character hybrid type (which is not shown in FIG. 8 ).
  • the preset display area is started, and it is assumed that the specified input type is a display area of the nine-key numeric type.
  • the display area of the nine-key numeric type is presented to the user, and the user enters the payment password in the preset display area of the nine-key numeric type.
  • Step 6 The processor delivers the event to the second operating environment for processing.
  • determining is performed on a corresponding event generated when the user performs an operation in the input area that runs in the first operating environment, whether the event is a secure input event is determined, and when it is determined that the event is a secure input event, switching from the first operating environment to the second operating environment is performed, that is, the preset display area is presented to the user, so that a secure input time generated when the user performs an operation on the user equipment may be switched to the second operating environment for processing.
  • security of an event generated when the user performs the operation on the user equipment can be better ensured.
  • Step 7 A user performs an operation in a preset display area of user equipment.
  • Step 8 A processor in the second operating environment obtains an event corresponding to the operation.
  • step 5 For a detailed description of the preset display area, refer to the detailed description in step 5 . Details are not described herein again.
  • step 8 the user enters the payment password in the preset display area.
  • Step 9 The processor determines whether the operation of the user on the UE is performed in the preset display area, and if it is determined that the operation of the user on the UE is performed in the preset display area, perform step 10 , or if it is determined that the operation of the user on the UE is not performed in the preset display area, perform step 12 .
  • the user may perform an operation in a preset display area of a display unit, or may perform an operation outside the preset display area.
  • a corresponding event generated by the operation of the user is transmitted to a secure core.
  • the secure core determines whether the event is corresponding to an operation that falls in the preset display area. For example, the user enters the payment password in the preset display area, and the secure core determines whether a touch point of the user is in the preset display area.
  • the user triggers, for example, entering an account type (that is, performs an operation in the input area) during the foregoing operation, it is determined that the operation of the user is not performed in the preset display area; or when the user does not trigger entering an account type, it is determined that the operation of the user is performed in the preset display area.
  • the user is about to enter a payment password 12345678 by using the preset display area.
  • the user equipment receives short message service message presentation or calling line identification presentation. If the user taps the short message service message presentation, the operation of the user on the user equipment at this time falls in a short message service message presentation box. In this case, it is determined that the operation of the user on the UE is not performed in the preset display area.
  • Step 10 Continue to receive an event generated when the user performs the operation on the user equipment in the preset display area.
  • Step 11 When it is determined that the user ends the operation, the processor performs verification processing on the received event, delivers the event to the first operating environment, and feeds back a verification processing result to the user.
  • the received payment password is verified in the second operating environment, and a verification result is fed back to the user.
  • Step 12 When it is determined that the operation of the user on the user equipment is not performed in the preset display area, the processor delivers the event corresponding to the operation to the first operating environment for processing.
  • Manner 1 An interrupt may be triggered to deliver the event corresponding to the operation to the first operating environment for processing.
  • the processor may trigger an interrupt in the second operating environment, and store, by using the interrupt in the second operating environment, the event corresponding to the operation of the user in the shared storage area.
  • the processor in the monitor mode, the processor triggers an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing.
  • the processor triggers a fast interrupt request (Fast Interrupt Reques, FIQ), and stores the event corresponding to the operation of the user in the shared storage area. Then in the monitor mode, the processor triggers the interrupt in the first operating environment to obtain the event stored in the shared storage area. The interrupt in the first operating environment delivers the obtained event to the first operating environment for processing.
  • FIQ Fast Interrupt Reques
  • Manner 2 The event corresponding to the operation is delivered, by using a daemon thread, to the first operating environment for processing.
  • a daemon process is a process with a relatively long lifetime, and is usually independent of the user equipment and periodically executes a task or waits to process an event that is to occur.
  • the daemon process is usually started when the system is bootloaded, and ended when the system is disabled.
  • the processor may trigger an interrupt in the second operating environment, and store the event corresponding to the operation of the user in the shared storage area. Then in the monitor mode, the processor triggers an interrupt in the first operating environment, and triggers a daemon thread in the first operating environment by using the interrupt in the first operating environment.
  • the daemon thread obtains the event stored in the shared storage area, and the daemon thread sends the obtained event to the first operating environment for processing.
  • a current event needs to be stored in the shared storage area.
  • the interrupt in the second operating environment may be triggered, and the event may be stored in the shared storage area by using the interrupt that runs in the second environment.
  • a driver of the display unit may transmit the event to an upper-layer application, and the event may be stored in the shared storage area by using the upper-layer application.
  • the method further includes: hiding the preset display area.
  • the processor hides the preset display area.
  • an embodiment of the present invention further puts forward a data input method.
  • a specific processing procedure is as follows:
  • Step 91 A user performs an operation in a preset display area of user equipment.
  • Step 92 A processor in a second operating environment obtains an event corresponding to the operation.
  • step 5 For a detailed description of the preset display area, refer to the detailed description in step 5 . Details are not described herein again.
  • Step 93 The processor determines whether the operation of the user on the UE is performed in the preset display area, and if it is determined that the operation of the user on the UE is performed in the preset display area, perform step 94 , or if it is determined that the operation of the user on the UE is not performed in the preset display area, perform step 96 .
  • Step 94 Continue to receive an event generated when the user performs the operation on the user equipment in the preset display area.
  • Step 95 When it is determined that the user ends the operation, the processor performs verification processing on the received event, delivers the received event to a first operating environment, and feeds back a verification processing result to the user.
  • the received payment password is verified in the second operating environment, and a verification result is fed back to the user.
  • Step 96 When it is determined that the operation of the user on the user equipment is not performed in the preset display area, the processor delivers the event corresponding to the operation to the first operating environment for processing.
  • Manner 1 An interrupt may be triggered to deliver the event corresponding to the operation to the first operating environment for processing.
  • the processor may trigger an interrupt in the second operating environment, and store, by using the interrupt in the second operating environment, the event corresponding to the operation of the user in the shared storage area.
  • the processor in the monitor mode, the processor triggers an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing.
  • the processor triggers a fast interrupt request (Fast Interrupt Reques, FIQ), and stores the event corresponding to the operation of the user in the shared storage area. Then in the monitor mode, the processor triggers the interrupt in the first operating environment to obtain the event stored in the shared storage area. The interrupt in the first operating environment delivers the obtained event to the first operating environment for processing.
  • FIQ Fast Interrupt Reques
  • Manner 2 The event corresponding to the operation is delivered, by using a daemon thread, to the first operating environment for processing.
  • a daemon process is a process with a relatively long lifetime, and is usually independent of the user equipment and periodically executes a task or waits to process an event that is to occur.
  • the daemon process is usually started when the system is bootloaded, and ended when the system is disabled.
  • the processor may trigger an interrupt in the second operating environment, and store the event corresponding to the operation of the user in the shared storage area. Then in the monitor mode, the processor triggers an interrupt in the first operating environment, and triggers a daemon thread in the first operating environment by using the interrupt in the first operating environment.
  • the daemon thread obtains the event stored in the shared storage area, and the daemon thread sends the obtained event to the first operating environment for processing.
  • a current event needs to be stored in the shared storage area.
  • the interrupt in the second operating environment may be triggered, and the event may be stored in the shared storage area by using the interrupt that runs in the second environment.
  • a driver of the display unit may transmit the event to an upper-layer application, and the event may be stored in the shared storage area by using the upper-layer application.
  • the method further includes: hiding the preset display area.
  • the processor hides the preset display area.
  • an embodiment of the present invention further puts forward a data input apparatus.
  • structural composition of the apparatus includes:
  • a receiving unit 1001 configured to receive an event generated when a user performs an operation on UE in a preset display area
  • a determining unit 1002 configured to determine whether the operation of the user on the UE is performed in the preset display area
  • an execution unit 1003 configured to: when it is determined that the operation of the user on the UE is not performed in the preset display area, deliver an event corresponding to the operation to a first operating environment for processing.
  • the preset display area runs in a second operating environment of the UE, and the second operating environment has a higher security level than the first operating environment.
  • the execution unit 1003 is specifically configured to: store the event corresponding to the operation in a shared storage area, where the shared storage area is a storage area that is shared by the first operating environment and the second operating environment; and trigger an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing.
  • the execution unit 1003 is specifically configured to: trigger the interrupt in the first operating environment, and invoke a daemon thread in the first secure environment, so as to deliver, by using the daemon thread, the event stored in the shared storage area to the first operating environment for processing.
  • the execution unit 1003 is further configured to: when it is determined that the event corresponding to the operation is a secure input event, display the preset display area, so that the user performs the operation in the preset display area.
  • the secure input event is a data input event with an authority verification attribute.
  • the execution unit 1003 is further configured to hide the preset display area after delivering the event corresponding to the operation to the first operating environment for processing.
  • the preset display area includes an input edit box with a security attribute.
  • the present invention further provides a computer storage medium, configured to store a computer software instruction used by the data input apparatus according to the foregoing aspect.
  • the computer software instruction includes a program designed to execute the foregoing aspect.
  • the embodiments of the present invention may be provided as a method, an apparatus (device), or a computer program product. Therefore, the present invention may use a form of hardware only embodiments, software only embodiments, or embodiments with a combination of software and hardware. Moreover, the present invention may use a form of a computer program product that is implemented on one or more computer-usable storage media (including but not limited to a disk memory, a CD-ROM, an optical memory, and the like) that include computer-usable program code.
  • computer-usable storage media including but not limited to a disk memory, a CD-ROM, an optical memory, and the like
  • These computer program instructions may be provided for a general-purpose computer, a dedicated computer, an embedded processor, or a processor of any other programmable data processing device to generate a machine, so that the instructions executed by a computer or a processor of any other programmable data processing device generate an apparatus for implementing a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.
  • These computer program instructions may also be stored in a computer readable memory that can instruct the computer or any other programmable data processing device to work in a specific manner, so that the instructions stored in the computer readable memory generate an artifact that includes an instruction apparatus.
  • the instruction apparatus implements a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.
  • These computer program instructions may also be loaded onto a computer or another programmable data processing device, so that a series of operations and steps are performed on the computer or the another programmable device, thereby generating computer-implemented processing. Therefore, the instructions executed on the computer or the another programmable device provide steps for implementing a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • User Interface Of Digital Computer (AREA)
  • Storage Device Security (AREA)

Abstract

A data input method and apparatus, and user equipment are provided. The method includes: when it is determined that an operation of a user on the user equipment UE is not performed in a preset display area, deliver an event corresponding to the operation to a first operating environment for processing, where the preset display area runs in a second operating environment of the UE, and the second operating environment has a higher security level than the first operating environment. This can better improve security of an event generated when the user operates a program that runs in a Normal World of the user equipment, and can directly operate an event that runs in the Normal World.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application is a continuation of U.S. patent application Ser. No. 16/131,548, filed on Sep. 14, 2018, which is a continuation of International Application No. PCT/CN2017/075643, filed on Mar. 3, 2017, which claims priority to Chinese Patent Application No. 201610145990.7, filed on Mar. 15, 2016. All of the afore-mentioned patent applications are hereby incorporated by reference in their entireties.
  • TECHNICAL FIELD
  • The present invention relates to the field of communications technologies, and in particular, to a data input method and apparatus, and user equipment.
  • BACKGROUND
  • With continuous development of communications technologies, user equipment (user equipment, UE) can provide an increasingly more powerful application function, and increasingly more data such as personal property or privacy is stored in the user equipment.
  • The user equipment continuously develops, and system functions of the user equipment also increase continuously. With an increase in the system functions, security vulnerability inevitably occurs in a system of the user equipment. An attacker may intrude the system of the user equipment by using the security vulnerability, to obtain data stored in the user equipment, and security of a user input operation and terminal displaying cannot be ensured. For example, a user implements payment by using user equipment. When the user is entering data at an interface provided by the user equipment, an attacker may intercept an input event of the user and content displayed on the user equipment to obtain the data entered by the user. The attacker may then analyze stored historical data corresponding to an application used for the payment to obtain an account of the user. When the attacker further obtains a password entered by the user into the user equipment, a severe risk is posed to wealth of the user. In view of this, the industry puts forward a TrustZone (Trust Zone) technology. In this technology, it is proposed that hardware composition of the user equipment is divided into a Secure World (secure world) and a Normal World (normal world), and data in the Secure World can be transmitted only by using a monitor (monitor). An operating system of the user equipment runs in the Normal World. A program that runs in the Secure World has a higher security level than a program that runs in the Normal World. The Secure World is isolated from the Normal World by using hardware. The Secure World has a right to access all data in the Normal World, but the Normal World has no right to access data in the Secure World. When the user equipment is started, the Secure World is first entered, and then a program in the Secure World is responsible for switching to the Normal World, and starting the operating system of the user equipment. Concepts of the Secure World and the Normal World are put forward in the TrustZone technology, to resolve a problem of data input security in the user equipment. A data input environment that runs in the Secure World is provided, and the user may operate an event such as entering an account or a password in the provided data input environment. However, in general, when related content is displayed or entered in the data input environment that runs in the Secure World, the displayed content usually covers the entire display area of the user equipment. When the user needs to operate another event, for example, when a pop-up window of a short message service message appears when the user is entering a user name and a password, and the user needs to view the short message service message, the system needs to quit the data input environment according to an instruction of the user for viewing the short message service message, and this leads to a loss of the previously operated event. Therefore, in the TrustZone technology, neither security of an event generated when the user operates a program that runs in the Normal World of the user equipment can be completely resolved, nor an event that runs in the Normal World can be directly operated.
  • SUMMARY
  • The present invention provides a data input method and apparatus, and user equipment, so that security of an event generated when a user operates a program that runs in a Normal World of the user equipment can be better improved, and an event that runs in the Normal World can be directly operated.
  • According to a first aspect, a data input method is provided and includes: when it is determined that an operation of a user on UE is not performed in a preset display area, delivering an event corresponding to the operation to a first operating environment for processing, where the preset display area runs in a second operating environment of the UE, and the second operating environment has a higher security level than the first operating environment. This can better improve security of an event generated when the user operates a program that runs in a Normal World of the user equipment, and directly operate an event that runs in the Normal World.
  • With reference to the first aspect, in a first possible implementation of the first aspect, the method further includes: receiving an operation of the user in an input area presented by a display unit for the user, and generating an event corresponding to the operation; determining whether the event generated when the user performs the operation in the input area is a secure input event; and if it is determined that the event generated when the user performs the operation in the input area is a secure input event, starting the preset display area, and presenting the preset display area to the user by using the display unit.
  • With reference to the first possible implementation of the first aspect, in a second possible implementation of the first aspect, the starting the preset display area includes: backing up a current event in the first operating environment; triggering an interrupt in the second operating environment; and starting the preset display area by using the interrupt in the second operating environment.
  • Determining is performed on a corresponding event generated when the user performs an operation in an input area that runs in the first operating environment, and whether the event is a secure input event is determined. When it is determined that the event is a secure input event, switching from the first operating environment to the second operating environment is performed, that is, the preset display area is presented to the user, so that a secure input time generated when the user performs an operation on the user equipment may be switched to the second operating environment for processing. In this case, security of the event generated when the user performs the operation on the user equipment can be better ensured.
  • With reference to any one of the first aspect, or the first to the second possible implementations of the first aspect, in a third possible implementation of the first aspect, the preset display area and the input area are simultaneously presented on a screen of the user equipment.
  • With reference to the first aspect, in a fourth possible implementation of the first aspect, the delivering an event corresponding to the operation to a first operating environment for processing includes: storing the event corresponding to the operation in a shared storage area, where the shared storage area is a storage area that is shared by the first operating environment and the second operating environment; and triggering an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing.
  • With reference to the fourth possible implementation of the first aspect, in a fifth possible implementation of the first aspect, the triggering an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing includes: triggering the interrupt in the first operating environment, and invoking a daemon thread in the first secure environment, so as to deliver, by using the daemon thread, the event stored in the shared storage area to the first operating environment for processing.
  • With reference to any one of the first aspect, or the first to the fifth possible implementation of the first aspect, in a sixth possible implementation of the first aspect, before it is determined that the operation of the user on the user equipment UE is not performed in the preset display area, the method further includes: when it is determined that the event corresponding to the operation is a secure input event, displaying the preset display area, so that the user performs the operation in the preset display area, where the secure input event is a data input event with an authority verification attribute.
  • With reference to any one of the first aspect, or the first to the sixth possible implementation of the first aspect, in a seventh possible implementation of the first aspect, after the delivering an event corresponding to the operation to a first operating environment for processing, the method further includes: hiding the preset display area. This can improve flexibility of a user operation.
  • With reference to any one of the first aspect, or the first to the sixth possible implementation of the first aspect, in an eighth possible implementation of the first aspect, the preset display area includes a formatted input edit box.
  • With reference to the eighth possible implementation of the first aspect, in a ninth possible implementation of the first aspect, the formatted input edit box includes at least one of the following: a specified input type may be an input type such as nine-key numeric type, a nine-key Chinese character type, a nine-key alphabetic type, a number and Chinese character hybrid type. This can improve convenience of a user operation.
  • According to a second aspect, a data input apparatus is provided. The data input apparatus has a function of implementing an action of a terminal in any method design according to the first aspect and the first to the eighth possible implementations of the first aspect. The function may be implemented by hardware, or may be implemented by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the function.
  • According to a third aspect, a user terminal is provided. The user terminal has a function of implementing an action of a terminal in any method design according to the first aspect and the first to the eighth possible implementations of the first aspect. The function may be implemented by hardware, or may be implemented by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the function.
  • With reference to the third aspect, in a first possible implementation of the third aspect, a structure of the terminal includes a memory and a processor. The memory is configured to store a group of programs, and the processor is configured to invoke the programs stored in the memory, to execute the method in any one of the first aspect, or the first to the eighth possible implementations of the first aspect.
  • According to a fourth aspect, a computer storage medium is provided, and is configured to store a computer software instruction used by a data input apparatus, and the computer software instruction includes a program designed to execute the foregoing aspects.
  • By using the foregoing technical solutions, when it is determined that the operation of the user on the UE is not performed in the preset display area, the event corresponding to the operation is delivered to the first operating environment for processing. In this case, when the user operates a program that runs in a Normal World of the user equipment, even if the user needs to process another non-secure event, security of an event generated when the user operates the program that runs in the Normal World of the user equipment can be ensured, and an event that runs in the Normal World can be directly operated.
  • BRIEF DESCRIPTION OF DRAWINGS
  • FIG. 1A and FIG. 1B are a schematic diagram of a logical structure of a computing node to which a data input method is applied according to an embodiment of the present invention;
  • FIG. 2 is a schematic diagram of structural composition of user equipment according to an embodiment of the present invention;
  • FIG. 3 is a schematic diagram of structural composition of user equipment according to an embodiment of the present invention;
  • FIG. 4 is a schematic structural diagram of hardware composition of a Secure World of a data input system according to an embodiment of the present invention;
  • FIG. 5 is a flowchart of a data input method according to an embodiment of the present invention;
  • FIG. 6 is a schematic diagram of an input edit box according to an embodiment of the present invention;
  • FIG. 7 is a schematic diagram of a preset display area and an input area according to an embodiment of the present invention;
  • FIG. 8 is a schematic diagram of a specified input type according to an embodiment of the present invention;
  • FIG. 9 is a flowchart of a data input method according to an embodiment of the present invention; and
  • FIG. 10 is a schematic diagram of structural composition of a data input apparatus according to an embodiment of the present invention.
  • DESCRIPTION OF EMBODIMENTS
  • To resolve a problem that in a TrustZone technology, neither security of an event generated when a user operates a program that runs in a Normal World of user equipment can be completely resolved, nor an event that runs in the Normal World can be directly operated, in technical solutions provided in the present invention, when it is determined that an operation of a user on UE is not performed in a preset display area, an event corresponding to the operation is delivered to a first operating environment for processing. The preset display area runs in a second operating environment of the UE, and the second operating environment has a higher security level than the first operating environment. Therefore, security of the event generated when the user operates the program that runs in the Normal World of the user equipment can be better improved, and the event that runs in the Normal World can be directly operated.
  • The following expounds main implementation principles, specific implementations, and corresponding available beneficial effects of the technical solutions in the embodiments of the present invention with reference to various accompanying drawings.
  • In a technical solution put forward in an embodiment of the present invention, FIG. 1A and FIG. 1B are used as an example to describe a logical structure of a computing node to which a data input method provided in this embodiment of the present invention is applied. The computing node may be user equipment, and the user equipment may be specifically a desktop computer, a notebook computer, a smartphone, a tablet, or the like. As shown in FIG. 1, a hardware layer of the user equipment includes a central processing unit (Center Processing Unit, CPU), a graphics processing unit (Graphic Processing Unit, GPU), and the like. Certainly, the hardware layer of the user equipment may further include a memory, an input/output device (Input Device), a network interface, and the like. The input device may include a keyboard, a mouse, a touchscreen, and the like. The output device may include a display device such as a liquid crystal display (Liquid Crystal Display, LCD), a cathode-ray tube (Cathode Ray Tube, CRT), holographic imaging (Holographic), or a projector (Projector). An operating system (such as Android) and some application programs may run above the hardware layer. A kernel library layer is a core part of the operating system, and includes an input/output service, a kernel service, a graphics device interface, a graphics engine (Graphics Engine) that implements graphics processing of the CPU and the GPU, and the like. The graphics engine may include a 2D engine, a 3D engine, a combining unit (Composition), a frame buffer (Frame Buffer), and the like. The kernel library layer further includes an input method service. The input method service includes an input method service embedded in a terminal. The input method service further includes the data input method provided in this embodiment of the present invention. In addition, the terminal further includes a driver layer, a framework layer, and an application layer. The driver layer may include a CPU driver (driver), a GPU driver, a display controller driver, a TrustZone driver (Trust Zone Driver), and the like. The framework layer may include a graphic service (Graphic Service), a system service (System service), a web service (Web Service), a user service (Customer Service), and the like. The graphic service may include a widget (Widget), a canvas (Canvas), a view (Views), a render script, and the like. The application layer may include a desktop (launcher), a media player (Media Player), a browser (Browser), and the like.
  • In a TrustZone technology, when hardware and program instructions of user equipment run, there may be two operating environments: a secure operating environment and a non-secure operating environment. The non-secure operating environment may also be referred to as a Normal World, and is corresponding to a first operating environment put forward in this embodiment of the present invention. The secure operating environment may also be referred to as a Secure World, and is corresponding to a second operating environment put forward in this embodiment of the present invention. A program and hardware of the user equipment that run in the secure operating environment have a higher security level than a program and hardware of the user equipment that run in the non-secure operating environment. The Secure World may also be a virtual operating environment isolated from the operating system of the user equipment.
  • User equipment to which a data input method put forward in an embodiment of the present invention is applied is shown in FIG. 2. The user equipment 200 includes: at least one processor 201, at least one network interface 204 or another user interface 203, a memory 205, and at least one communications bus 202. The communications bus 202 is configured to implement connection and communication between these components. Optionally, the user equipment 200 includes the user interface 203 that includes a display (for example, the LCD, the CRT, the holographic imaging (Holographic), or the projector (Projector) shown in FIG. 1A and FIG. 1B), a keyboard or a click device (for example, a mouse, a trackball (trackball), a touchpad, or a touchscreen), and the like.
  • The memory 205 may include a read-only memory and a random access memory, and provide the processor 201 with a program instruction and data that are stored in the memory 205. A part of the memory 205 may further include a nonvolatile random access memory (NVRAM).
  • In some implementations, the memory 205 stores the following elements: an executable module or a data structure, or a subset thereof, or an extended set thereof.
  • An operating system 2051 includes various system program instructions. The program instructions may run on the framework layer, the kernel library layer, the driver layer, and the like shown in FIG. 1A and FIG. 1B, and are used to implement various basic services and process hardware-based tasks.
  • In the technical solution put forward in this embodiment of the present invention, the operating system may run in both a first operating environment and a second operating environment whose security level is higher than the first operating environment.
  • An application program 2052 includes various application programs, for example, the desktop (launcher), the media player (Media Player), the browser (Browser), and an input method application that are shown in FIG. 1A and FIG. 1B, and the various application programs are used to implement various application services.
  • The various application programs in the application program 2052 may be applied to the first operating environment, or may run in the second operating environment. In the technical solution put forward in this embodiment of the present invention, the application program 2052 stores a program instruction that implements the data input method, and the program instruction runs in the second operating environment.
  • In this embodiment of the present invention, the memory 205 may also be referred to as a storage area, and is configured to store a program of the data input method, and store the operating system.
  • The processor 201 invokes the program instruction stored in the memory 205, and according to the obtained program instruction, the processor 201 is configured to: when it is determined that an operation of a user on the UE is not performed in a preset display area, deliver an event corresponding to the operation to the first operating environment for processing.
  • Optionally, in an embodiment, the processor 201 is further configured to: when it is determined that the event corresponding to the operation is a secure input event, display the preset display area, so that the user performs the operation in the preset display area. The secure input event is a data input event with an authority verification attribute.
  • Further, the processor 201 is specifically configured to store the event corresponding to the operation in a shared storage area. The shared storage area is a storage area that is shared by the first operating environment and the second operating environment.
  • The user equipment further includes an interrupt in the first operating environment (which is not shown in FIG. 2). The processor 201 triggers the interrupt in the first operating environment, and the interrupt in the first operating environment delivers the event stored in the shared storage area to the first operating environment for processing. Further, the processor 201 is specifically configured to: trigger the interrupt in the first operating environment, and invoke a daemon thread in the first secure environment, so as to deliver, by using the daemon thread, the event stored in the shared storage area to the first operating environment for processing.
  • Further, the processor 201 is specifically configured to hide the preset display area.
  • User equipment to which a data input method put forward in an embodiment of the present invention is applied may be a mobile phone, a tablet, a personal digital assistant (Personal Digital Assistant, PDA), or the like. Referring to FIG. 3, FIG. 3 is a schematic diagram of structural composition of user equipment 300.
  • The user equipment 300 mainly includes a memory 320, a processor 360, and an input unit 330. The input unit 330 is configured to receive an event generated when a user performs an operation on a terminal. The memory 320 is configured to store program instructions of an operating system and various application programs.
  • In a technical solution put forward in this embodiment of the present invention, a first operating environment and a second operating environment are put forward. Correspondingly, the memory 320 may be divided into a secure memory (which may also be referred to as a secure storage area), a non-secure memory (which may also be referred to as a non-secure storage area), and a shared memory (which may also be referred to as a shared storage area). The non-secure memory is disposed in the first operating environment, and the secure memory is disposed in the second operating environment. The second operating environment has a higher security level than the first operating environment. A processor or an interrupt disposed in the first operating environment cannot directly access the secure memory in the second operating environment. A processor or an interrupt in the second operating environment may access the non-secure processor disposed in the first operating environment, and access the non-secure storage area. For the shared memory, data stored in the shared memory is data that may be accessed by processors or interrupts in both the first operating environment and the second operating environment. That is, the processors or the interrupts in the first operating environment and the second operating environment may access the shared memory to obtain the data in the shared memory.
  • It may be understood that for a specific implementation function of the processor 360, reference may be made to the detailed descriptions of the processor 201, and details are not described herein again.
  • The memory 320 may be a memory of the user equipment 300. The memory may be divided into three storage spaces. The three storage spaces are separately corresponding to a secure memory disposed in the first operating environment, a non-secure memory disposed in the second environment, and a shared memory that may be accessed by application programs or hardware in both the first operating environment and the second operating environment. The secure memory, the non-secure memory, and the shared memory may have spaces of a same size, or may have spaces of different sizes according to different stored data input events.
  • The input unit 330 of the user equipment may be configured to receive number or character information that is entered by the user, so as to generate a signal input related to user settings or function control of the user equipment 300. Specifically, in this embodiment of the present invention, the input unit 330 may include a touch panel 331. The touch panel 331 may collect an operation (such as an operation performed by the user on the touch panel 331 by using any proper object or accessory, such as a finger or a stylus) performed by the user on the touch panel 331, and drive, according to a preset program instruction, a corresponding apparatus connected to the touch panel 331. Optionally, the touch panel 331 may include two parts: a touch detection apparatus and a touch controller. The touch detection apparatus detects a touch location of the user, detects a signal brought by the touch operation, and sends the signal to the touch controller. The touch controller receives touch information received from the touch detection apparatus, converts the touch information into touch coordinates, and sends the touch coordinates to the processor 360. The touch controller can further receive and execute a command sent by the processor 360. In addition, the touch panel 331 may be implemented by using multiple types such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. In addition to the touch panel 331, the input unit 330 may further include another input device 332. The another input device 332 may include but is not limited to one or more of a physical keyboard, a functional key (such as a volume control key or an on/off key), a trackball, a mouse, a joystick, or the like.
  • The user equipment 300 may further include a display unit 340. The display unit 340 may be configured to display information entered by the user or information provided for the user and various menu interfaces of the user equipment 300. The display unit 340 may include a display panel 341. Optionally, the display panel 341 may be configured in a form such as a liquid crystal display (Liquid Crystal Display, LCD) or an organic light-emitting diode (Organic Light-Emitting Diode, OLED).
  • Referring to FIG. 3, in this embodiment of the present invention, the touch panel 331 covers the display panel 341, to form a touch display screen. The touch display screen provides a preset display area for the user. After detecting a touch operation on or near the touch display screen, the touch display screen 7 transmits the touch operation to the processor 360 to determine a type of a touch event. Then the processor 360 provides a corresponding visual output on the touch display screen according to the type of the touch event.
  • In this embodiment of the present invention, the touch display screen includes different display areas. Each display area may include at least one interface element such as an icon of an application program and/or a widget home screen widget.
  • The processor 360 is a control center of the user equipment 300, is connected to each part of an entire mobile phone by using various interfaces and lines, and performs various functions of the user equipment 300 and data processing by running or executing the software program and/or the module that are/is stored in the memory 320, so as to perform overall monitoring on the user equipment 300.
  • It may be understood that during initiation, the processor 360 first enters the second operating environment, and performs initialization setting of the operating system in the second operating environment, so as to ensure security of the operating system.
  • The initialization setting includes initialization of a monitor mode. In a system initiation process, all memories (the secure memory, the non-secure memory, and the shared memory) in the operating system of the user equipment are in the second operating environment. Then an operating system image that needs to run in the first operating environment is loaded into the non-secure memory, and then the system image in the first operating environment runs.
  • Optionally, the user equipment 300 may further include an RF circuit 310, a WiFi module 380 that is configured to provide a wireless connection, a power supply 390, and an audio frequency circuit 370 that is configured to provide sound input and output.
  • Based on the user equipment 300 with the touch display screen shown in FIG. 3, in a solution put forward in this embodiment of the present invention, operating environments of a data input method are divided into a Normal World (a first operating environment) and a Secure World (a second operating environment). For hardware composition, one user equipment has only one set of hardware structures. However, in the hardware, security attributes of some hardware can be dynamically set, but security attributes of the other hardware are fixed. Security of the entire system is obtained by dividing a hardware resource and a software resource of a system on chip (System on Chip, SoC) into the two worlds. The Secure World and the Normal World are a Secure World corresponding to a secure subsystem and a Normal World corresponding to another subsystem.
  • As shown in FIG. 4, the SoC system includes a processor (Core) 401. In a processor architecture, each physical processor core provides two virtual cores: a non-secure (Non-secure, NS) core and a secure (Secure) core. A mechanism of switching between the non-secure core and the secure core is referred to as a monitor (monitor) mode. The non-secure core can access only a system resource of the NS, but the secure core can access all resources in the user equipment. The SoC further includes direct memory access (Direct Memory Access, DMA) 402, a secure random access memory (Secure Random Access Memory, Secure RAM) 403, a secure boot read only memory (Secure Boot Read Only Memory, Secure Boot ROM) 404, a generic interrupt controller (Generic Interrupt Controller, GIC) 405 that is integrated with TrustZone support and that can work in the first operating environment and the second operating environment, a TrustZone interrupt controller (Trust Zone Interrupt Controller, TZIC) 406 that may be independently implemented, and the like. The SoC further includes a TrustZone address space controller (Trust Zone Address Space Controller, TZASC) 407 that is configured to support a secure interrupt, a TrustZone protection controller (Trust Zone Protection Controller, TZPC) 408, a dynamic memory controller (Dynamic Memory Controller, DMC) 409, a dynamic RAM (Dynamic RAM) 410, and the like. The TZPC is configured to set a security attribute of a peripheral. For example, the TZPC may set an attribute of the display unit to secure. In this case, an operation in the first operating environment cannot access a device that is set as secure. The TZASC is configured to control classification of a security attribute of the DRAM. The TZASC may set a part of the DRAM as secure, and set the other part of the DRAM as non-secure. If the processor in the first operating environment initiates an access request to the secure memory, the access request is refused. Access of DMA in the first operating environment to the secure memory is refused, and this ensures that the secure memory is not accessed by any operating system or hardware in the first operating environment. The GIC is responsible for controlling all interrupt information, and the GIC may set some interrupts as secure, and set some interrupts as normal.
  • SoC components are connected to each other by using an Advanced Extensible Interface (Advanced eXtensible Interactive, AXI) 411. The SoC communicates with the peripheral by using an Advanced Extensible Interface to Advanced Peripheral Bus Bridge (Advanced eXtensible Interactive to Advanced Peripheral Bus Bridge, AXI2APB) bridge 412. The AXI2APB may sense a security attribute of an event that currently accesses the peripheral. When an event in the first operating environment accesses a peripheral whose attribute is set to secure, the AXI2APB refuses this access. A secure RAM and a secure ROM are isolated by using a software and hardware mechanism, and the secure RAM and the secure ROM are configured to store an operating system that runs in the second operating environment.
  • In the data input method put forward in this embodiment of the present invention, the SoC system is initiated after powered on. During starting, the system first enters the second operating environment, and then performs initiation setting in the second operating environment. The initiation setting includes initiation of the operating system in the second operating environment. In a process of initiating the system, all memories in the operating system of the user equipment are in the second operating environment. Then the operating system image that needs to run in the first operating environment is loaded to a memory, and some memories are allocated to the first operating environment. Security attributes of the some memories allocated to the first operating environment are set to non-secure. Then the system image in the first operating environment runs.
  • The following describes in detail a processing procedure of a data input method put forward in an embodiment of the present invention. As shown in FIG. 5, a specific implementation process of delivering an event from a first operating environment to a second operating environment for processing is first described.
  • Step 1: A display unit presents an input area to a user, and the user performs an operation in the input area to generate an event corresponding to the operation.
  • Detailed description is provided by using an example in which the user enters a payment password of a numeric type in the input area presented by the display unit. The display unit may include a touch panel of a touch nature. The user touches the touch panel, enters a payment account in the input area, and continues to enter a payment password after entering the payment account. A processor receives an event generated when the user operates the touch panel. Specifically, a non-secure core in the first operating environment may receive the event generated when the user operates the touch panel.
  • Step 2: The processor determines whether the event generated when the user operates performs the operation in the input area is a secure input event. If it is determined that the event is not a secure input event, the user continues to perform the operation in the input area to generate an event corresponding to the operation, and the processor continues to process the event.
  • The secure input event is an event generated only when the user enters a password with an authority verification attribute. For example, in a payment application, after the user enters a user name, the user needs to continue to enter a payment password corresponding to the user name, and after the payment password and the user name are matched, payment is completed. An event corresponding to an operation that the user continues to enter the payment password corresponding to the user name is a secure input event.
  • A security attribute of the input area presented by the display unit may be edited in advance. The input area is set to a non-secure display area that runs in the first operating environment and a secure display area that runs in the second operating environment. For example, in a specific implementation process, as shown in FIG. 6, an input area in the first operating environment may be an input edit box with a fixed shape and size. The input edit box may be in any shape. As shown in FIG. 6, a square shape is only used as an example. During setting, a security attribute may be added to the input edit box, and the security attribute is set. For example, the secure attribute is set to a numeric attribute. That is, when a received event operated by the user in the input edit box is triggering numeric input, it is determined that the event is a secure input event.
  • Detailed description is provided below by still using the example in which the user enters the payment password of the numeric type. When the user is about to enter the payment password of the numeric type, for example, the payment password of the user is 12345678, when the user triggers a number, it is determined that a data input event operated by the user is a secure input event.
  • Step 3: The processor triggers a TZ driver when it is determined that a data input event operated by the user is a secure input event. The TZ driver triggers a monitor (monitor) mode used for switching between the first operating environment and the second operating environment, and the processor enters the second operating environment by using a monitor.
  • Step 4: The processor backs up a current event in the first operating environment in the monitor mode. The processor triggers an interrupt in the first operating environment, and stores the currently determined secure input event in a shared storage area. After saving of the secure input event is completed, an interrupt in the second operating environment is triggered in the monitor mode, and a processor in the second operating environment, that is, a secure core, is triggered by using the interrupt in the second operating environment.
  • Step 5: The secure core (that is, the processor in the second operating environment) triggers the interrupt, starts a preset display area, and presents the preset display area to the user by using the display unit. A following operation of the user is performed in the preset display area.
  • The preset display area runs in the second operating environment. The preset display area may be a part of a screen of the user equipment, and the user may perform an input operation in the preset display area. Correspondingly, the preset display area may be an input edit box that has a fixed shape and size and has a security attribute. As shown in FIG. 7, the preset display area is started. The preset display area and the input area may be simultaneously presented on the screen of the user equipment. The preset display area may cover a part of the input area and overlap the part of the input area. The preset display area may include a specified input type. As shown in FIG. 8, the specified input type may be an input type such as a nine-key numeric type, a nine-key Chinese character type (which is not shown in FIG. 8), a nine-key alphabetic type, a number and Chinese character hybrid type (which is not shown in FIG. 8).
  • For example, the preset display area is started, and it is assumed that the specified input type is a display area of the nine-key numeric type. In the display unit, the display area of the nine-key numeric type is presented to the user, and the user enters the payment password in the preset display area of the nine-key numeric type.
  • Step 6: The processor delivers the event to the second operating environment for processing.
  • By using the foregoing technical solution, determining is performed on a corresponding event generated when the user performs an operation in the input area that runs in the first operating environment, whether the event is a secure input event is determined, and when it is determined that the event is a secure input event, switching from the first operating environment to the second operating environment is performed, that is, the preset display area is presented to the user, so that a secure input time generated when the user performs an operation on the user equipment may be switched to the second operating environment for processing. In this case, security of an event generated when the user performs the operation on the user equipment can be better ensured.
  • As shown in FIG. 5, a specific implementation process of delivering an event from a second operating environment to a first operating environment for processing is then described.
  • Step 7: A user performs an operation in a preset display area of user equipment.
  • Step 8: A processor in the second operating environment obtains an event corresponding to the operation.
  • For a detailed description of the preset display area, refer to the detailed description in step 5. Details are not described herein again.
  • Likewise, description is provided by using an example in which the user enters a payment password of a numeric type. In step 8, the user enters the payment password in the preset display area.
  • Step 9: The processor determines whether the operation of the user on the UE is performed in the preset display area, and if it is determined that the operation of the user on the UE is performed in the preset display area, perform step 10, or if it is determined that the operation of the user on the UE is not performed in the preset display area, perform step 12.
  • Specifically, the user may perform an operation in a preset display area of a display unit, or may perform an operation outside the preset display area. A corresponding event generated by the operation of the user is transmitted to a secure core. The secure core determines whether the event is corresponding to an operation that falls in the preset display area. For example, the user enters the payment password in the preset display area, and the secure core determines whether a touch point of the user is in the preset display area. When the user triggers, for example, entering an account type (that is, performs an operation in the input area) during the foregoing operation, it is determined that the operation of the user is not performed in the preset display area; or when the user does not trigger entering an account type, it is determined that the operation of the user is performed in the preset display area. For example, the user is about to enter a payment password 12345678 by using the preset display area. When the user enters 123, the user equipment receives short message service message presentation or calling line identification presentation. If the user taps the short message service message presentation, the operation of the user on the user equipment at this time falls in a short message service message presentation box. In this case, it is determined that the operation of the user on the UE is not performed in the preset display area.
  • Step 10: Continue to receive an event generated when the user performs the operation on the user equipment in the preset display area.
  • Step 11: When it is determined that the user ends the operation, the processor performs verification processing on the received event, delivers the event to the first operating environment, and feeds back a verification processing result to the user.
  • For example, when the user ends entering the payment password, the received payment password is verified in the second operating environment, and a verification result is fed back to the user.
  • Step 12: When it is determined that the operation of the user on the user equipment is not performed in the preset display area, the processor delivers the event corresponding to the operation to the first operating environment for processing.
  • There may be two implementations of delivering the event corresponding to the operation to the first operating environment for processing.
  • Manner 1: An interrupt may be triggered to deliver the event corresponding to the operation to the first operating environment for processing.
  • In Manner 1, the processor may trigger an interrupt in the second operating environment, and store, by using the interrupt in the second operating environment, the event corresponding to the operation of the user in the shared storage area. In this case, in the monitor mode, the processor triggers an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing.
  • For example, the processor triggers a fast interrupt request (Fast Interrupt Reques, FIQ), and stores the event corresponding to the operation of the user in the shared storage area. Then in the monitor mode, the processor triggers the interrupt in the first operating environment to obtain the event stored in the shared storage area. The interrupt in the first operating environment delivers the obtained event to the first operating environment for processing.
  • Manner 2: The event corresponding to the operation is delivered, by using a daemon thread, to the first operating environment for processing.
  • In Manner 2, a daemon process is a process with a relatively long lifetime, and is usually independent of the user equipment and periodically executes a task or waits to process an event that is to occur. The daemon process is usually started when the system is bootloaded, and ended when the system is disabled. In Manner 2, the processor may trigger an interrupt in the second operating environment, and store the event corresponding to the operation of the user in the shared storage area. Then in the monitor mode, the processor triggers an interrupt in the first operating environment, and triggers a daemon thread in the first operating environment by using the interrupt in the first operating environment. The daemon thread obtains the event stored in the shared storage area, and the daemon thread sends the obtained event to the first operating environment for processing.
  • In the foregoing two specific implementations of delivering the event corresponding to the operation to the first operating environment for processing, before the event is delivered, a current event needs to be stored in the shared storage area. In this case, the interrupt in the second operating environment may be triggered, and the event may be stored in the shared storage area by using the interrupt that runs in the second environment. Alternatively, a driver of the display unit may transmit the event to an upper-layer application, and the event may be stored in the shared storage area by using the upper-layer application.
  • Optionally, after delivering the event corresponding to the operation to the first operating environment for processing, the method further includes: hiding the preset display area.
  • For example, after entering 12345678, the user does not need to perform any other operation, and in this case, the processor hides the preset display area.
  • Correspondingly, an embodiment of the present invention further puts forward a data input method. As shown in FIG. 9, a specific processing procedure is as follows:
  • Step 91: A user performs an operation in a preset display area of user equipment.
  • Step 92: A processor in a second operating environment obtains an event corresponding to the operation.
  • For a detailed description of the preset display area, refer to the detailed description in step 5. Details are not described herein again.
  • Likewise, description is provided by using an example in which the user enters a payment password of a numeric type. The user enters the payment password in the preset display area.
  • Step 93: The processor determines whether the operation of the user on the UE is performed in the preset display area, and if it is determined that the operation of the user on the UE is performed in the preset display area, perform step 94, or if it is determined that the operation of the user on the UE is not performed in the preset display area, perform step 96.
  • Step 94: Continue to receive an event generated when the user performs the operation on the user equipment in the preset display area.
  • Step 95: When it is determined that the user ends the operation, the processor performs verification processing on the received event, delivers the received event to a first operating environment, and feeds back a verification processing result to the user.
  • For example, when the user ends entering the payment password, the received payment password is verified in the second operating environment, and a verification result is fed back to the user.
  • Step 96: When it is determined that the operation of the user on the user equipment is not performed in the preset display area, the processor delivers the event corresponding to the operation to the first operating environment for processing.
  • There may be two implementations of delivering the event corresponding to the operation to the first operating environment for processing.
  • Manner 1: An interrupt may be triggered to deliver the event corresponding to the operation to the first operating environment for processing.
  • In Manner 1, the processor may trigger an interrupt in the second operating environment, and store, by using the interrupt in the second operating environment, the event corresponding to the operation of the user in the shared storage area. In this case, in the monitor mode, the processor triggers an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing.
  • For example, the processor triggers a fast interrupt request (Fast Interrupt Reques, FIQ), and stores the event corresponding to the operation of the user in the shared storage area. Then in the monitor mode, the processor triggers the interrupt in the first operating environment to obtain the event stored in the shared storage area. The interrupt in the first operating environment delivers the obtained event to the first operating environment for processing.
  • Manner 2: The event corresponding to the operation is delivered, by using a daemon thread, to the first operating environment for processing.
  • In Manner 2, a daemon process is a process with a relatively long lifetime, and is usually independent of the user equipment and periodically executes a task or waits to process an event that is to occur. The daemon process is usually started when the system is bootloaded, and ended when the system is disabled. In Manner 2, the processor may trigger an interrupt in the second operating environment, and store the event corresponding to the operation of the user in the shared storage area. Then in the monitor mode, the processor triggers an interrupt in the first operating environment, and triggers a daemon thread in the first operating environment by using the interrupt in the first operating environment. The daemon thread obtains the event stored in the shared storage area, and the daemon thread sends the obtained event to the first operating environment for processing.
  • In the foregoing two specific implementations of delivering the event corresponding to the operation to the first operating environment for processing, before the event is delivered, a current event needs to be stored in the shared storage area. In this case, the interrupt in the second operating environment may be triggered, and the event may be stored in the shared storage area by using the interrupt that runs in the second environment. Alternatively, a driver of the display unit may transmit the event to an upper-layer application, and the event may be stored in the shared storage area by using the upper-layer application.
  • Optionally, after delivering the event corresponding to the operation to the first operating environment for processing, the method further includes: hiding the preset display area.
  • For example, after entering 12345678, the user does not need to perform any other operation, and in this case, the processor hides the preset display area.
  • Correspondingly, an embodiment of the present invention further puts forward a data input apparatus. As shown in FIG. 10, structural composition of the apparatus includes:
  • a receiving unit 1001, configured to receive an event generated when a user performs an operation on UE in a preset display area;
  • a determining unit 1002, configured to determine whether the operation of the user on the UE is performed in the preset display area; and
  • an execution unit 1003, configured to: when it is determined that the operation of the user on the UE is not performed in the preset display area, deliver an event corresponding to the operation to a first operating environment for processing.
  • The preset display area runs in a second operating environment of the UE, and the second operating environment has a higher security level than the first operating environment.
  • Optionally, in the foregoing apparatus, the execution unit 1003 is specifically configured to: store the event corresponding to the operation in a shared storage area, where the shared storage area is a storage area that is shared by the first operating environment and the second operating environment; and trigger an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing.
  • Specifically, the execution unit 1003 is specifically configured to: trigger the interrupt in the first operating environment, and invoke a daemon thread in the first secure environment, so as to deliver, by using the daemon thread, the event stored in the shared storage area to the first operating environment for processing.
  • Specifically, the execution unit 1003 is further configured to: when it is determined that the event corresponding to the operation is a secure input event, display the preset display area, so that the user performs the operation in the preset display area. The secure input event is a data input event with an authority verification attribute.
  • Specifically, the execution unit 1003 is further configured to hide the preset display area after delivering the event corresponding to the operation to the first operating environment for processing.
  • Specifically, the preset display area includes an input edit box with a security attribute.
  • The present invention further provides a computer storage medium, configured to store a computer software instruction used by the data input apparatus according to the foregoing aspect. The computer software instruction includes a program designed to execute the foregoing aspect.
  • A person skilled in the art should understand that the embodiments of the present invention may be provided as a method, an apparatus (device), or a computer program product. Therefore, the present invention may use a form of hardware only embodiments, software only embodiments, or embodiments with a combination of software and hardware. Moreover, the present invention may use a form of a computer program product that is implemented on one or more computer-usable storage media (including but not limited to a disk memory, a CD-ROM, an optical memory, and the like) that include computer-usable program code.
  • The present invention is described with reference to the flowcharts and/or block diagrams of the method, the apparatus (device), and the computer program product according to the embodiments of the present invention. It should be understood that computer program instructions may be used to implement each process and/or each block in the flowcharts and/or the block diagrams and a combination of a process and/or a block in the flowcharts and/or the block diagrams. These computer program instructions may be provided for a general-purpose computer, a dedicated computer, an embedded processor, or a processor of any other programmable data processing device to generate a machine, so that the instructions executed by a computer or a processor of any other programmable data processing device generate an apparatus for implementing a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.
  • These computer program instructions may also be stored in a computer readable memory that can instruct the computer or any other programmable data processing device to work in a specific manner, so that the instructions stored in the computer readable memory generate an artifact that includes an instruction apparatus. The instruction apparatus implements a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.
  • These computer program instructions may also be loaded onto a computer or another programmable data processing device, so that a series of operations and steps are performed on the computer or the another programmable device, thereby generating computer-implemented processing. Therefore, the instructions executed on the computer or the another programmable device provide steps for implementing a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.
  • Although some preferred embodiments of the present invention have been described, a person skilled in the art can make changes and modifications to these embodiments once they learn the basic inventive concept. Therefore, the following claims are intended to be construed as to cover the preferred embodiments and all changes and modifications falling within the scope of the present invention.
  • Obviously, a person skilled in the art can make various modifications and variations to the present invention without departing from the spirit and scope of the present invention. The present invention is intended to cover these modifications and variations provided that they fall within the scope of protection defined by the following claims and their equivalent technologies.

Claims (20)

What is claimed is:
1. A data input method for a user equipment (UE) with a first operating environment and a second operating environment, where the second operating environment has a higher security level than the first operating environment, comprising:
displaying a preset display area, wherein the preset display area runs in the second operating environment;
receiving a second operation performed on the UE;
storing a second event corresponding to the second operation in a shared storage area when determining the second operation is not performed in the preset display area, wherein the shared storage area is a storage area that is shared by the first operating environment and the second operating environment; and triggering an interrupt in the first operating environment, to enable the second event stored in the shared storage area be obtained by the first operating environment for processing.
2. The method according to claim 1, wherein the triggering an interrupt in the first operating environment, to enable the second event stored in the shared storage area be obtained by the first operating environment for processing comprises:
triggering the interrupt in the first operating environment, and invoking a daemon thread in the first secure environment, so as to deliver, by using the daemon thread, the second event stored in the shared storage area to the first operating environment for processing.
3. The method according to claim 1, wherein the method further comprises:
displaying the preset display area when determining that a first event corresponding to a first operation is a secure input event, wherein the secure input event is a data input event with an authority verification attribute.
4. The method according to claim 1, wherein the preset display area comprises a formatted input edit box.
5. The method according to claim 1, wherein the method further comprises: hiding the preset display area.
6. The method according to claim 1, wherein the first operating environment is run in a first virtual core of a processor and the second operating environment is run in a second virtual core of the processor.
7. The method according to claim 6, wherein the first virtual core is a non-secure core, and the second virtual core is a secure core.
8. The method according to claim 3, wherein the content of the authority verification attribute is a password.
9. An apparatus, comprising:
a processor; and
a memory having computer readable instructions stored thereon that, when executed by the processor, cause the apparatus to:
display a preset display area, wherein the preset display area runs in the second operating environment;
receive a second operation performed on the UE;
store a second event corresponding to the second operation in a shared storage area when determining the second operation is not performed in the preset display area, wherein the shared storage area is a storage area that is shared by the first operating environment and the second operating environment; and triggering an interrupt in the first operating environment, to enable the second event stored in the shared storage area be obtained by the first operating environment for processing.
10. The apparatus according to claim 9, wherein the apparatus is further caused to:
trigger the interrupt in the first operating environment, and invoking a daemon thread in the first secure environment, so as to deliver, by using the daemon thread, the second event stored in the shared storage area to the first operating environment for processing.
11. The apparatus according to claim 9, wherein the apparatus is further caused to:
display the preset display area when determining that a first event corresponding to a first operation is a secure input event, wherein the secure input event is a data input event with an authority verification attribute.
12. The apparatus according to claim 9, wherein the apparatus is further caused to: hide the preset display area.
13. The apparatus according to claim 9, wherein the first operating environment is run in a first virtual core of a processor and the second operating environment is run in a second virtual core of the processor.
14. The apparatus according to claim 13, wherein the first virtual core is a non-secure core, and the second virtual core is a secure core.
15. The apparatus according to claim 11, wherein the content of the authority verification attribute is a password.
16. The apparatus according to claim 9, wherein the preset display area is hidden unless the secure input event is determined.
17. A non-transitory computer-readable storage medium, comprising computer-readable instructions stored thereon that, when executed by at least one processor, cause an apparatus to:
display a preset display area, wherein the preset display area runs in the second operating environment;
receive a second operation performed on the UE;
store a second event corresponding to the second operation in a shared storage area when determining the second operation is not performed in the preset display area, wherein the shared storage area is a storage area that is shared by the first operating environment and the second operating environment; and triggering an interrupt in the first operating environment, to enable the second event stored in the shared storage area be obtained by the first operating environment for processing.
18. The non-transitory storage medium according to claim 17, wherein the apparatus is further caused to:
trigger the interrupt in the first operating environment, and invoking a daemon thread in the first secure environment, so as to deliver, by using the daemon thread, the second event stored in the shared storage area to the first operating environment for processing.
19. The non-transitory storage medium according to claim 17, wherein the apparatus is further caused to:
display the preset display area when determining that a first event corresponding to a first operation is a secure input event, wherein the secure input event is a data input event with an authority verification attribute.
20. The non-transitory storage medium according to claim 17, wherein the apparatus is further caused to: hide the preset display area.
US17/085,539 2016-03-15 2020-10-30 Data input method and apparatus and user equipment Active 2037-06-04 US11574064B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US17/085,539 US11574064B2 (en) 2016-03-15 2020-10-30 Data input method and apparatus and user equipment

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
CN201610145990.7A CN105825128B (en) 2016-03-15 2016-03-15 Data input method and device and user equipment
CN201610145990.7 2016-03-15
PCT/CN2017/075643 WO2017157192A1 (en) 2016-03-15 2017-03-03 Data input method, device and user equipment
US16/131,548 US10831905B2 (en) 2016-03-15 2018-09-14 Data input method and apparatus and user equipment
US17/085,539 US11574064B2 (en) 2016-03-15 2020-10-30 Data input method and apparatus and user equipment

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US16/131,548 Continuation US10831905B2 (en) 2016-03-15 2018-09-14 Data input method and apparatus and user equipment

Publications (2)

Publication Number Publication Date
US20210049286A1 true US20210049286A1 (en) 2021-02-18
US11574064B2 US11574064B2 (en) 2023-02-07

Family

ID=56987835

Family Applications (2)

Application Number Title Priority Date Filing Date
US16/131,548 Active 2037-06-09 US10831905B2 (en) 2016-03-15 2018-09-14 Data input method and apparatus and user equipment
US17/085,539 Active 2037-06-04 US11574064B2 (en) 2016-03-15 2020-10-30 Data input method and apparatus and user equipment

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US16/131,548 Active 2037-06-09 US10831905B2 (en) 2016-03-15 2018-09-14 Data input method and apparatus and user equipment

Country Status (4)

Country Link
US (2) US10831905B2 (en)
EP (1) EP3418934A1 (en)
CN (1) CN105825128B (en)
WO (1) WO2017157192A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4273720A1 (en) * 2022-05-05 2023-11-08 STMicroelectronics (Rousset) SAS System-on-chip incorporating a direct memory access circuit and corresponding method

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105825128B (en) 2016-03-15 2020-05-19 华为技术有限公司 Data input method and device and user equipment
CN107168747B (en) * 2017-05-27 2020-12-29 努比亚技术有限公司 Method and device for distinguishing mobile terminal configuration and computer readable storage medium
CN109426355B (en) * 2017-08-31 2022-12-30 华为终端有限公司 Input method and input device of electronic equipment and electronic equipment
CN110059489B (en) * 2018-01-19 2021-08-17 旭景科技股份有限公司 Secure electronic device
GB201806465D0 (en) 2018-04-20 2018-06-06 Nordic Semiconductor Asa Memory-access controll
GB201810659D0 (en) 2018-06-28 2018-08-15 Nordic Semiconductor Asa Secure-Aware Bus System
GB201810662D0 (en) 2018-06-28 2018-08-15 Nordic Semiconductor Asa Peripheral Access On A Secure-Aware Bus System
GB201810653D0 (en) * 2018-06-28 2018-08-15 Nordic Semiconductor Asa Secure peripheral interconnect

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6199181B1 (en) * 1997-09-09 2001-03-06 Perfecto Technologies Ltd. Method and system for maintaining restricted operating environments for application programs or operating systems
US20010043198A1 (en) * 2000-03-22 2001-11-22 Ludtke Harold Aaron Data entry user interface
US20030225556A1 (en) * 2000-12-28 2003-12-04 Zeidman Robert Marc Apparatus and method for connecting hardware to a circuit simulation
WO2004046916A2 (en) * 2002-11-18 2004-06-03 Arm Limited Exception types within a secure processing system
US20140096222A1 (en) * 2012-10-01 2014-04-03 Nxp B.V. Secure user authentication using a master secure element
EP2741229A1 (en) * 2012-12-07 2014-06-11 Samsung Electronics Co., Ltd Priority-based application execution method and apparatus of a dual-mode data processing device
CN105447406A (en) * 2015-11-10 2016-03-30 华为技术有限公司 Method and apparatus for accessing storage space
US9619161B2 (en) * 2013-12-31 2017-04-11 Sung Gon Cho Storage system having security storage device and management system therefor
US9734313B2 (en) * 2014-06-16 2017-08-15 Huawei Technologies Co., Ltd. Security mode prompt method and apparatus

Family Cites Families (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040226041A1 (en) * 2000-02-18 2004-11-11 Xsides Corporation System and method for parallel data display of multiple executing environments
US7062466B2 (en) * 2000-12-06 2006-06-13 The Belo Company Method and system for operating online classified advertisements
JP4439187B2 (en) * 2003-02-10 2010-03-24 シャープ株式会社 Data processing device
US20070266444A1 (en) * 2004-12-03 2007-11-15 Moshe Segal Method and System for Securing Data Stored in a Storage Device
US20080275992A1 (en) * 2005-02-09 2008-11-06 Access Systems Americas, Inc. System and method of managing connections between a computing system and an available network using a connection manager
US7954064B2 (en) * 2005-10-27 2011-05-31 Apple Inc. Multiple dashboards
CN100428164C (en) * 2006-01-23 2008-10-22 联想(北京)有限公司 Virtual machine system and device access method thereof
US8261064B2 (en) * 2007-02-27 2012-09-04 L-3 Communications Corporation Integrated secure and non-secure display for a handheld communications device
US20130145475A1 (en) * 2011-12-02 2013-06-06 Samsung Electronics Co., Ltd. Method and apparatus for securing touch input
KR101930864B1 (en) 2012-02-16 2019-03-11 삼성전자주식회사 Method and apparatus for protecting digital content using device authentication
US8812873B2 (en) * 2012-09-26 2014-08-19 Intel Corporation Secure execution of a computer program using binary translators
US20140101755A1 (en) * 2012-10-10 2014-04-10 Research In Motion Limited Mobile wireless communications device providing security features based upon wearable near field communication (nfc) device and related methods
WO2014141206A1 (en) * 2013-03-15 2014-09-18 Ologn Technologies Ag Secure zone on a virtual machine for digital communications
US20140281560A1 (en) * 2013-03-15 2014-09-18 Ologn Technologies Ag Secure zone on a virtual machine for digital communications
JP6067449B2 (en) * 2013-03-26 2017-01-25 株式会社東芝 Information processing apparatus and information processing program
WO2015073830A1 (en) * 2013-11-15 2015-05-21 Ctpg Operating, Llc System and method for printing a hidden and secure barcode
KR20150077774A (en) * 2013-12-30 2015-07-08 삼성전자주식회사 Method and Apparatus for Switching Display
JP2015215687A (en) * 2014-05-08 2015-12-03 パナソニックIpマネジメント株式会社 Portable settlement terminal device
CN104239783A (en) * 2014-09-19 2014-12-24 东软集团股份有限公司 System and method for safely inputting customizing messages
CN104318182B (en) * 2014-10-29 2017-09-12 中国科学院信息工程研究所 A kind of intelligent terminal shielding system and method extended based on processor security
US10754967B1 (en) * 2014-12-15 2020-08-25 Marvell Asia Pte, Ltd. Secure interrupt handling between security zones
US20160239649A1 (en) * 2015-02-13 2016-08-18 Qualcomm Incorporated Continuous authentication
CN105930040A (en) * 2015-02-27 2016-09-07 三星电子株式会社 Electronic device including electronic payment system and operating method thereof
CN104820573A (en) * 2015-05-27 2015-08-05 南京芯度电子科技有限公司 Safety human-computer interactive interface system and implementation method thereof
CN104933361A (en) * 2015-06-05 2015-09-23 浪潮电子信息产业股份有限公司 Device and method for protecting login password
CN105224403B (en) * 2015-09-17 2018-09-28 华为技术有限公司 A kind of interruption processing method and device
CN110059500A (en) * 2015-11-30 2019-07-26 华为技术有限公司 User interface switching method and terminal
CN105825128B (en) * 2016-03-15 2020-05-19 华为技术有限公司 Data input method and device and user equipment
US10740496B2 (en) * 2017-02-13 2020-08-11 Samsung Electronics Co., Ltd. Method and apparatus for operating multi-processor system in electronic device

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6199181B1 (en) * 1997-09-09 2001-03-06 Perfecto Technologies Ltd. Method and system for maintaining restricted operating environments for application programs or operating systems
US20010043198A1 (en) * 2000-03-22 2001-11-22 Ludtke Harold Aaron Data entry user interface
US20030225556A1 (en) * 2000-12-28 2003-12-04 Zeidman Robert Marc Apparatus and method for connecting hardware to a circuit simulation
WO2004046916A2 (en) * 2002-11-18 2004-06-03 Arm Limited Exception types within a secure processing system
US20140096222A1 (en) * 2012-10-01 2014-04-03 Nxp B.V. Secure user authentication using a master secure element
EP2741229A1 (en) * 2012-12-07 2014-06-11 Samsung Electronics Co., Ltd Priority-based application execution method and apparatus of a dual-mode data processing device
US9619161B2 (en) * 2013-12-31 2017-04-11 Sung Gon Cho Storage system having security storage device and management system therefor
US9734313B2 (en) * 2014-06-16 2017-08-15 Huawei Technologies Co., Ltd. Security mode prompt method and apparatus
CN105447406A (en) * 2015-11-10 2016-03-30 华为技术有限公司 Method and apparatus for accessing storage space

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4273720A1 (en) * 2022-05-05 2023-11-08 STMicroelectronics (Rousset) SAS System-on-chip incorporating a direct memory access circuit and corresponding method
FR3135334A1 (en) * 2022-05-05 2023-11-10 Stmicroelectronics (Rousset) Sas SYSTEM ON CHIP INTEGRATING A DIRECT MEMORY ACCESS CIRCUIT AND CORRESPONDING METHOD

Also Published As

Publication number Publication date
EP3418934A4 (en) 2018-12-26
BR112018068582A2 (en) 2019-02-12
US11574064B2 (en) 2023-02-07
CN105825128B (en) 2020-05-19
US10831905B2 (en) 2020-11-10
EP3418934A1 (en) 2018-12-26
CN105825128A (en) 2016-08-03
WO2017157192A1 (en) 2017-09-21
US20190018969A1 (en) 2019-01-17

Similar Documents

Publication Publication Date Title
US11574064B2 (en) Data input method and apparatus and user equipment
US11874903B2 (en) User interface switching method and terminal
US10133396B2 (en) Virtual input device using second touch-enabled display
US9654603B1 (en) Client-side rendering for virtual mobile infrastructure
US8458619B2 (en) Method, system and program product for screensaver breakthrough of prioritized messages
EP3255578B1 (en) Interface display method of terminal and terminal
EP2752766B1 (en) Touch event processing method and portable device implementing the same
US9300720B1 (en) Systems and methods for providing user inputs to remote mobile operating systems
US9164646B2 (en) Method and apparatus for accommodating display migration among a plurality of physical displays
US9444912B1 (en) Virtual mobile infrastructure for mobile devices
US9454396B2 (en) Thin client computing device having touch screen interactive capability support
US9001050B2 (en) Touch screen emulation for a virtual machine
US20230195298A1 (en) Permission setting method and apparatus and electronic device
US20120066640A1 (en) Apparatus for providing multi-mode warping of graphical user interface objects
WO2021164460A1 (en) Touch response method and apparatus, electronic device, and storage medium
US20200089512A1 (en) Method and Apparatus for Invoking Input Method, Server, and Terminal
WO2023093661A1 (en) Interface control method and apparatus, and electronic device and storage medium
WO2021115257A1 (en) Application switching method and apparatus, storage medium and electronic device
BR112018068582B1 (en) DATA ENTRY METHOD, APPARATUS, AND USER EQUIPMENT
JP7176067B1 (en) Information processing device and control method
US20240220179A1 (en) Control method, apparatus, and electronic device
KR102411920B1 (en) Electronic device and control method thereof
JP5831948B2 (en) Information terminal, information input image display method, and program
TW201439882A (en) Touch event processing method and portable device implementing the same
Seeger et al. The Linux-GGI Project

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STPP Information on status: patent application and granting procedure in general

Free format text: APPLICATION DISPATCHED FROM PREEXAM, NOT YET DOCKETED

AS Assignment

Owner name: HUAWEI TECHNOLOGIES CO., LTD., CHINA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ZHANG, PENG;WANG, JI;LI, HUI;AND OTHERS;SIGNING DATES FROM 20180222 TO 20181024;REEL/FRAME:055493/0440

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STCF Information on status: patent grant

Free format text: PATENTED CASE